Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe

  • Size

    525KB

  • Sample

    230703-fe9htsga4x

  • MD5

    8f3af9350e139bd72c0e74d44cdfd01b

  • SHA1

    def07fc2bb4d1e74e3b1b0b387398c6308dbed3d

  • SHA256

    cdcd49e4409d35f386f9f394a3616cb99b2ea277b544479e1f3f9ef2004df887

  • SHA512

    8c5ae5e0e0496db26762dc58e5d504eea66e244bc9e5aa2cc157e00799781ccb143e64ff08e1c928671994c244d261c1c5a276ba5d2b7c720e909bbc56f63b5b

  • SSDEEP

    12288:dYlEqQ2PBsDY6jh7bR5Mxg0XtQpAu+pac:dYlEK817bR5+IMac

Malware Config

Extracted

Family

redline

Botnet

andre

C2

77.91.124.49:19073

Attributes
  • auth_value

    8e5522dc6bdb7e288797bc46c2687b12

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      cdcd49e4409d35f386f9f394a3616cb99b2ea277b5444.exe

    • Size

      525KB

    • MD5

      8f3af9350e139bd72c0e74d44cdfd01b

    • SHA1

      def07fc2bb4d1e74e3b1b0b387398c6308dbed3d

    • SHA256

      cdcd49e4409d35f386f9f394a3616cb99b2ea277b544479e1f3f9ef2004df887

    • SHA512

      8c5ae5e0e0496db26762dc58e5d504eea66e244bc9e5aa2cc157e00799781ccb143e64ff08e1c928671994c244d261c1c5a276ba5d2b7c720e909bbc56f63b5b

    • SSDEEP

      12288:dYlEqQ2PBsDY6jh7bR5Mxg0XtQpAu+pac:dYlEK817bR5+IMac

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks